DEV Community

Intesar Mohammed

Running Basic Security Tests Against Twitter API

I tweet once in a while about product/organization updates. I've built a couple of Twitter integrations in the past.

As part of security research, I look for vulnerabilities in public APIs and mobile/web backend APIs. I often use the free API security testing tool to run basic tests. These tests are safe and non-intrusive; they detect OAuth 2.0/JWT/Authentication flaws in APIs. Twitter and similar organizations wouldn't mind or see these tests.
https://apisec-inc.github.io/pentest/

I used this Twitter API OpenAPI Specification file URL for testing:
https://api.twitter.com/labs/2/openapi.json

Here is the simple process I followed. I pointed the tool to the Twitter OpenAPI Spec file and just ran the basic tests to see what it returns.
The result came back with one endpoint being open to the public. Upon further investigation, I realized the endpoint was returning the API scheme, so it wasn't a big deal.
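
A static counterpart to that check, as an added example that is not part of the original post and not the testing tool's own code: it reads an OpenAPI 3 document and reports operations that declare no authentication requirement. The embedded spec is constructed sample data (not Twitter's), and `audit_security` is a hypothetical helper name.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}

# Constructed sample OpenAPI 3 document (assumption: not Twitter's real spec).
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.0",
  "info": {"title": "Constructed sample", "version": "1"},
  "security": [{"BearerToken": []}],
  "components": {"securitySchemes": {
    "BearerToken": {"type": "http", "scheme": "bearer"}}},
  "paths": {
    "/tweets": {"get": {"responses": {"200": {"description": "ok"}}}},
    "/users/{id}": {"get": {"security": [{"BearerToken": []}, {}],
                            "responses": {"200": {"description": "ok"}}}},
    "/openapi.json": {"get": {"security": [],
                              "responses": {"200": {"description": "ok"}}}},
    "/legacy": {"post": {"security": [{"OldKey": []}],
                         "responses": {"200": {"description": "ok"}}}}
  }
}
""")


def audit_security(spec):
    """Return (method, path, finding) for operations that the spec leaves
    callable without credentials or that name an undefined security scheme."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    default = spec.get("security", [])  # document-wide requirement
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            # An operation-level "security" key replaces the global one, even if empty.
            reqs = op.get("security", default)
            if not reqs:
                findings.append((method.upper(), path, "no security requirement"))
            elif any(r == {} for r in reqs):
                findings.append((method.upper(), path, "anonymous access allowed"))
            for name in sorted({n for r in reqs for n in r}):
                if name not in schemes:
                    findings.append((method.upper(), path, f"undefined scheme {name}"))
    return findings


if __name__ == "__main__":
    for method, path, finding in audit_security(SAMPLE_SPEC):
        print(f"{method:6} {path:15} {finding}")
```

A finding here only means the spec declares no requirement; as with the schema endpoint in the post, each one still needs a look to decide whether public access is intended.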

Security Report

Vulnerabilities

Conclusion: All Twitter API endpoints are secure, and no issues were found.
